sops-nix: acquire via fetchFromGitHub instead of flake

i don't like the hacks i have to do to mix `fetchFromGitHub` and nixos
modules though.

flake.lock

@@ -16,22 +16,6 @@
         "type": "github"
       }
     },
-    "nixpkgs-stable": {
-      "locked": {
-        "lastModified": 1717265169,
-        "narHash": "sha256-IITcGd6xpNoyq9SZBigCkv4+qMHSqot0RDPR4xsZ2CA=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "3b1b4895b2c5f9f5544d02132896aeb9ceea77bc",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "release-23.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "nixpkgs-staging-unpatched": {
       "locked": {
         "lastModified": 1717740106,
@@ -69,31 +53,9 @@
         "nixpkgs-next-unpatched": "nixpkgs-next-unpatched",
         "nixpkgs-staging-unpatched": "nixpkgs-staging-unpatched",
         "nixpkgs-unpatched": "nixpkgs-unpatched",
-        "sops-nix": "sops-nix",
         "uninsane-dot-org": "uninsane-dot-org"
       }
     },
-    "sops-nix": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs-unpatched"
-        ],
-        "nixpkgs-stable": "nixpkgs-stable"
-      },
-      "locked": {
-        "lastModified": 1717455931,
-        "narHash": "sha256-8Q6mKSsto8gaGczXd4G0lvawdAYLa5Dlh3/g4hl5CaM=",
-        "owner": "Mic92",
-        "repo": "sops-nix",
-        "rev": "d4555e80d80d2fa77f0a44201ca299f9602492a0",
-        "type": "github"
-      },
-      "original": {
-        "owner": "Mic92",
-        "repo": "sops-nix",
-        "type": "github"
-      }
-    },
     "uninsane-dot-org": {
       "inputs": {
         "nixpkgs": [

flake.nix

@@ -48,13 +48,6 @@
     # nixpkgs-unpatched.url = "github:nixos/nixpkgs?ref=nixos-staging-next";
     nixpkgs-next-unpatched.url = "github:nixos/nixpkgs?ref=staging-next";
 
-    sops-nix = {
-      # <https://github.com/Mic92/sops-nix>
-      # used to distribute secrets to my hosts
-      url = "github:Mic92/sops-nix";
-      # inputs.nixpkgs.follows = "nixpkgs";
-      inputs.nixpkgs.follows = "nixpkgs-unpatched";
-    };
     uninsane-dot-org = {
       # provides the package to deploy <https://uninsane.org>, used only when building the servo host
       url = "git+https://git.uninsane.org/colin/uninsane";
@@ -68,7 +61,6 @@
     nixpkgs-unpatched,
     nixpkgs-next-unpatched ? nixpkgs-unpatched,
     nixpkgs-staging-unpatched ? nixpkgs-unpatched,
-    sops-nix,
     uninsane-dot-org,
     ...
   }@inputs:
@@ -215,7 +207,8 @@
         sane = import ./modules;
         passthru = { ... }: {
           imports = [
-            sops-nix.nixosModules.sops
+            # TODO: vvv UGLY vvv
+            (nixpkgs-unpatched.legacyPackages.x86_64-linux.appendOverlays [ self.overlays.pkgs ]).sops-nix.nixosModules.sops
           ];
         };
       };

pkgs/additional/sops-nix/default.nix

@@ -0,0 +1,24 @@
+{ pkgs
+, fetchFromGitHub
+}:
+let
+  src = fetchFromGitHub {
+    owner = "Mic92";
+    repo = "sops-nix";
+    rev = "d4555e80d80d2fa77f0a44201ca299f9602492a0";
+    hash = "sha256-8Q6mKSsto8gaGczXd4G0lvawdAYLa5Dlh3/g4hl5CaM=";
+  };
+  flake = import "${src}/flake.nix";
+  evaluated = flake.outputs {
+    self = evaluated;
+    nixpkgs = pkgs;
+    nixpkgs-stable = pkgs;  #< shameless lie :)
+  };
+  overlay = evaluated.overlays.default;
+  final = pkgs.appendOverlays [ overlay ];
+in src.overrideAttrs (base: {
+  passthru = base.passthru
+    // (overlay final pkgs)
+    // { inherit (evaluated) nixosModules; }
+  ;
+})

pkgs/default.nix

@@ -80,6 +80,7 @@ let
     sanebox = callPackage ./additional/sanebox { };
     schlock = callPackage ./additional/schlock { };
     signal-desktop-from-src = callPackage ./additional/signal-desktop-from-src { };
+    sops-nix = callPackage ./additional/sops-nix { };
     static-nix-shell = callPackage ./additional/static-nix-shell { };
     sublime-music-mobile = callPackage ./additional/sublime-music-mobile { };
     swaylock-mobile = callPackage ./additional/swaylock-mobile { };